A UK view on Cyber, Information & IT Security by Security Expert Dave Whitelegg. Providing advice and explaining security for everyone, and also contemplating advanced themes and future trends in security.
With a focus on all the latest developments & issues within the UK Information Security space such as Hacking, DDoS, Botnets, Malware, Identity Theft, Data Protection (DPA) and regulatory compliance like PCI DSS & ISO27001:2013, all will be explained in an easy to understand way.

Tuesday, 14 January 2014

UK Information Security Threat Horizon 2014

I was asked for my views on the Threat Horizon, specifically what attacks and trends do I expect to impact UK businesses in 2014, so I thought I'd share my thoughts. The following are my own views, and they are not based on any specific studies or reports, but on what I've generally read, discussed and trends I have seen affecting UK businesses in the last couple of years.

Cloud Data Protection

UK businesses continue the 'Cloud Rush', meaning more and more confidential data is going into the cloud. I don't think this is so much a Snowden privacy revelation issue with government spying, but I see the problem is that UK businesses are being taken in by the marketing cost saving glitz, and so are blindly trusting cloud service providers. At the end of the day a cloud service provider is a third party service provider. A cloud service purchased by a business, where the third party is charged with adequately protecting confidential information, must be properly vetted and risk assessed. I think there will be UK businesses in 2014, that will come a cropper, and suffer a data breach due to inadequately secured cloud service.

DDoS

Distributed Denial of Service attacks (DDoS) are increasingly hitting UK businesses, both large corporations and SMEs. The source of such attacks range from very public Hackivisim to very private blackmail attempts. Most UK businesses don't have decent or any DDoS defences in place, hence why this attack vector is increasing in popularity in the UK.

Windows XP / Office 2003

After April 2014, Microsoft will no longer support Windows XP and Office 2003, this means no further security patches will be released to resolve any newly discovered vulnerabilities in Windows XP and Office 2003. As a result I expect Windows XP to be targeted in 2014. However I think if a serious enough vulnerability was uncovered in Windows XP, Microsoft would still patch it, but this is my own assumption, so don't quote me on that. But the real problem here is many UK businesses, and indeed many citizens in the UK, will still be using Windows XP past April 2014.

Malware

Malware will continue to become ever more sophisticated, and there will be more crafted and targeted malware attacks against UK organisations. Sure you don't have to be Mystic Meg to predict this one, as this is a trend that continues year on year. Having said that, its pretty clear that Ransomware is making a big comeback at the moment, which may well have a serious impact against some UK SMEs in 2014.

Mobile

Mobile devices will increasingly be targeted, as it does every year. Nothing new, but mobile platforms are increasingly becoming the lowest hanging fruit in gathering confidential information from UK businesses, especially those that do not adequately control their Bring Your Own Device (BYOD) schemes and employee devices.

Finally I predict there will be plenty of UK businesses, that will suffer data breaches for not providing even the basic level of information security. This is a no brainer prediction for 2014 for most in the InfoSec industry, yet unfortunately I will be proven right on this one.

About Me

ShareThis

Disclaimer

This is a personal website, all views or opinions represented in this blog are personal to Dave Whitelegg and guest bloggers that post, and do not represent the views or opinions of any business or organisation. All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information.

All original content copyright David Whitelegg 2007-2016. You may not use any original content with. Awesome Inc. template. Powered by Blogger.